seccomp: Check if syscall is supported on compat architecture.

Signed-off-by: Ruben Jenster <r.jenster@drachenfels.de>
lxc · Oct 13, 2020 · fbec5f8 · fbec5f8
1 parent 11d123b
commit fbec5f8
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
@@ -531,6 +531,11 @@ static bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
 		return true;
 	}
 
+	if (arch != SCMP_ARCH_NATIVE && seccomp_syscall_resolve_name_arch(arch, line) < 0) {
+		INFO("The syscall \"%s\" nr:%d is not supported on compat arch:%d", line, nr, arch);
+		return true;
+	}
+
 	memset(&arg_cmp, 0, sizeof(arg_cmp));
 	for (i = 0; i < rule->args_num; i++) {
 		INFO("arg_cmp[%d]: SCMP_CMP(%u, %llu, %llu, %llu)", i,